diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2015-01-06 21:29:28 +0100 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-01-06 21:29:28 +0100 |
commit | 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 (patch) | |
tree | 0949505186dda05681fd72f4e79462c478470a46 | |
parent | Some cleanup of L<> markup in pod files (diff) | |
download | openssl-77ff1f3b8bfaa348956c5096a2b829f2e767b4f1.tar.xz openssl-77ff1f3b8bfaa348956c5096a2b829f2e767b4f1.zip |
RT3662: Allow leading . in nameConstraints
Change by SteveH from original by John Denker (in the RT)
Reviewed-by: Rich Salz <rsalz@openssl.org>
-rw-r--r-- | crypto/x509v3/v3_ncons.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 06520fee41..25c1855149 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -405,7 +405,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) if (dns->length > base->length) { dnsptr += dns->length - base->length; - if (dnsptr[-1] != '.') + if (*baseptr != '.' && dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; } |